700 Million Androids Pre-Installed with Chinese Spyware

A Chinese software company called Adups, whose firmware comes pre-installed on some 700 million Android devices, has been found to be able to collect personal information from users without their knowledge or consent.

Security analyst firm Kryptowire first discovered the privacy breach in November 2016. Adups data mining was revealed almost by accident by a Kryptowire employee who discovered a backdoor allowing information to be leaked. After that, antivirus manufacturer Trustlook dug deeper and the scope of the privacy violations facilitated by Adups was quickly shown to be significant. The Adups data collector was found to collect text messages, call history, and device information from phones upon which it is installed.

Adups denied that the software is used to collect private user data, but was instead put in place “to identify junk text messages and calls.” They then referred to the installation of it on US phones as a “mistake.”

The majority of Android phones that use Adups are smaller companies that only release devices in Asia. However, BLU Products (which claims to have sold 35 million devices in the Western hemisphere) and several other well-known manufacturers including Lenovo and ZTE also install Adups firmware on their smartphones. BLU announced that they will no longer use Adups firmware on their phones, switching it out for one made by Google. Lenovo, ZTE, and others have followed suit.